The Host Unknown Podcast - Episode 36 - IT'S CHRIIIISTMAAAAS!
Episode Date: December 11, 2020

This might be the last episode of the week, but that doesn't mean we scraped the barrel (except maybe for The Little People, but Jav has had a written warning for that already). Andy misunderstands the concept of "this week in infosec" and Thom tries to hold it together while juggling his newly acquired career in the security industry.

Your usual tasty festive treats this week are:

This Week in Infosec

Liberated from the “today in infosec” twitter account:

5th December 2013: Troy Hunt launched the site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? The identification of 10.5 billion compromised accounts.
https://twitter.com/todayininfosec/status/1335020238765744129?s=20

8th December 2020: FireEye, a well-known security firm, announced that they had experienced a security incident that involved the theft of FireEye Red Team tools – the date of the incident was not revealed. Reportedly, evidence suggests that the compromise may have been carried out by a Russian nation-state threat actor “with top-tier offensive capabilities.” Per the blog post announcing the hack and authored by FireEye CEO Kevin Mandia, it appears that the attackers were also interested in the details related to FireEye customers that are government agencies. FireEye has engaged the FBI for this investigation.
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html

Tweet of the Week

https://twitter.com/GrazianoDennis/status/1336796234120646662?s=20

Billy Big Balls

3 Reasons Scientists Endure Social Media Trolls And Attacks
https://www.forbes.com/sites/marshallshepherd/2020/12/06/3-reasons-scientists-endure-social-media-trolls-and-attacks/?sh=668e1fb8424c

Industry News

#WebSummit: Nick Clegg Claims Internet Needs Accountability, Not Rules
Ransomware Set for Evolution in Attack Capabilities in 2021
2020: The Most Vulnerable Year Yet?
Thales and Google Cloud Partner for External Encryption Key Management
#BHEU: Collision of Cyber-Communities Creating Tension and Risk
#BHEU: Focus on Security Fundamentals, Not Adversarial Sophistication
Data Loss Reports to ICO Increase Once Again
#BHEU: North Korea’s Cyber-Offense Strategy Evolving to Focus on International Economic Targets

Jav's Industry News

Near three in ten of workers furloughed feel less loyal to their employer post-furlough
Business Executives’ Logins Sold on Russian Hacking Forum; Accounts Can Be Used for BEC Scams
Power banks could infect your smartphone with malware
Experts On Clop Ransomware Attacking Retail Giant E-Land
Credential Stuffing Attack Targeted Spotify, Affecting More Than 300,000 Accounts
South Korean retail giant E-Land Retail suffers Clop ransomware attack

Rant of the Week

A new lawsuit brought by one of Apple’s oldest foes seeks to force the iPhone maker to allow alternatives to the App Store, the latest in a growing number of cases that aim to curb the tech giant’s power.

The lawsuit was filed on Thursday by the maker of Cydia, a once-popular app store for the iPhone that launched in 2007, before Apple created its own version.

The lawsuit alleges that Apple used anti-competitive means to nearly destroy Cydia, clearing the way for the App Store, which Cydia’s attorneys say has a monopoly over software distribution on iOS, Apple’s mobile operating system.
https://www.washingtonpost.com/technology/2020/12/10/cydia-apple-lawsuit/
https://twitter.com/ihackbanme/status/1337079701756493825?s=20

The Little People

Don't go there. Seriously, just skip ahead.

Look Back on the Year

January: Travelex: Travelex services were pulled offline following a malware infection. The company itself and businesses using the platform to provide currency exchange services were all affected.
February: Estée Lauder: 440 million internal records were reportedly exposed due to middleware security failures.
March: Marriott: The hotel chain suffered a cyberattack in which email accounts were infiltrated. 5.2 million hotel guests were impacted.
April: Nintendo: Nintendo said 160,000 users were impacted by a mass account hijacking caused by the NNID legacy login system.
May: EasyJet: The budget airline revealed a data breach exposing data belonging to nine million customers, including some financial records. Blackbaud: The cloud service provider was hit by ransomware operators who hijacked customer systems. The company later paid a ransom to stop client data from being leaked online.
June: University of California SF: The university paid a $1.14 million ransom to hackers in order to save COVID-19 research.
July: MGM Resorts: A hacker put the records of 142 million MGM guests online for sale.
August: Experian, South Africa: Experian's South African branch disclosed a data breach impacting 24 million customers.
September: NS8: The CEO of the cyberfraud startup was accused of defrauding investors out of $123 million.
October: Dickey's: The US barbeque restaurant chain suffered a point-of-sale attack between July 2019 and August 2020. Three million customers had their card details later posted online.
November: Manchester United: Manchester United football club said it was investigating a security incident impacting internal systems. Fake Zoom invite cripples Aussie hedge fund with $8m hit.
December: FireEye: FireEye disclosed a cyberattack, suspected to be the work of a nation-state group. The cybersecurity firm said the hack resulted in penetration tools being stolen.

The Dead Donkey

Microsoft discloses fewest vulnerabilities in a month since January
Description: Microsoft released its monthly security update Tuesday, disclosing 58 vulnerabilities across its suite of products, the lowest number of vulnerabilities in any Patch Tuesday since January. There are only 10 critical vulnerabilities as part of this release, while there are two moderate-severity exploits, and the remainder are considered "important." Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs.
https://blog.talosintelligence.com/2020/12/microsoft-patch-tuesday-dec-2020-.html

Come on! Like and bloody well subscribe!
Transcript
I can't believe we've actually been recording so many episodes this year.
And I suppose we got the lockdown to thank for that.
Well, that's one good thing that might have come out of it for us.
I don't know about our listeners.
So what is this, 36?
Yeah, episode 36.
And are we...
Are our stats still increasing or are they steady?
Well, they're going up in that people are listening to us,
but, you know, we'll see.
We'll see.
Maybe we could make this one the most listened to episode of the year.
How about that, dear listeners?
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are.
Welcome to the last Host Unknown Podcast of the year that shall forever be known as 2020.
That's all you need to say, just 2020, and people know exactly. Oh, I've had a bit of a 2020 moment, you know, or, God, this week's been a bit of a 2020. Do you know what I mean? Just, oh my God. But this is the last one, so your suffering is nearly at an end, folks.
You know, this will be great for opticians. It'll be like, if you've seen The Dictator, the movie with Sacha Baron Cohen, and he replaced a whole bunch of words in the beginning with Aladdin, his name.
Yeah, yeah.
So even the words yes and no, or positive and negative, were replaced with Aladdin. So there's someone at the doctor and he goes, you are HIV Aladdin, and he smiles and then he gets sad, then he smiles and he gets sad, because... so he smiles and he gets sad.
So I can just imagine in the future,
like going by your logic,
people are going to go to the opticians and they're going to say,
your vision is 2020.
Oh no.
Yes.
Yes.
No.
Oh dear.
Anyway, how are you, Jav, apart from watching Sacha Baron Cohen movies recently?
I'm very good. I'm very good.
Glad that this is the last thing of the week. I could do, of the year, I could do with a break
from you guys for a few weeks.
And I'm sure our listeners can too as well.
So it's a win-win, as our Chinese spy from TikTok would say.
Very good. Hello, Jav.
Andy, how would you like to follow up that xenophobic piece of dialogue?
No,
I will just agree with Jav.
It'll be good to take a break from you guys.
I only speak to you once a week anyway,
but it's,
it's been a lot.
I'm just done.
Yeah.
Stick a fork in me.
Although before Tom joined Andy,
you and I were discussing about how ever since Tom's got a job, the chat group has been blissfully quiet because he's actually working.
Just no content this week. I had to generate all this content on my own. I'm just like, there's nothing in the chat.
Blissfully quiet. You're always telling me how much I never take part in the chat.
I come back and there's 72 messages
and I think, oh, this should be interesting.
And then I'm deeply disappointed when I get
to the end of all 72 messages.
It's just utter
rot. Utter rot.
And yet you send it on to other groups and
sort of claim credit for being
down with the kids, right?
Well, yeah, obviously.
Obviously. I send unique content to you guys as well. I scrape the very best of Reddit.
Oh my God. It... next step, next year, Tom's gonna take a leaf out of someone's book and, like, start pro... yeah, content from Reddit, posting on Twitter under the guise that this is his own original content.
I'm waiting for you to be in a coffee shop hearing some people being rude to a waiter, and so you've got to register their domain name before they do, Tom.
Yeah, that's right.
Host Unknown.
Fuckers, I'm going to register.
Hostunknown.com.
No, I'm not, because that's about a grand.
Let's do something cheaper.
Oh, dear me.
Yes, I will change my name to Khalil Langford.
So how is the new job going, Tom?
It's good.
It's good.
There's a lot to do, obviously.
I'm writing some content for the website and et cetera.
I just had a meeting this morning with the European team about some events
and things for next year, which
looks pretty busy. They probably just off the top of their heads knocked out about 25,
30 events they want me to take part in. First one is the week after next on the 23rd of
December, which is marvellous. I'm hosting or moderating a panel to do with cyber warfare.
So best start reading a book, I think.
Clearly we need Bob Geldof to intervene because they do not know it's Christmas time.
Like, why would you do a webinar on the 23rd of December?
Because it's the Middle East.
Well, clearly they do not know it's Christmas time.
There you go.
Still, you know, it's always nice to contribute, you know,
to the grand scheme of things.
But, yeah, Jav, you've just been doing your end-of-year report.
You've done a whole bunch of work this year.
Yes, I have.
I have.
He doesn't want to give any spoilers away because he's saving it in his back pocket for review day.
Yeah, yeah, yeah, yeah. No, I was quite surprised. I've written like 79 blogs this year. Don't ask me about the quality of them, just there were 79 of them.
So the rest of us call them defacements,
but you know,
you go on.
Look,
a tweet can be
construed as a blog,
can't it?
It's a micro blog.
Oh dear me.
Right,
right,
let's get cracking
shall we?
Last show of the year,
we don't want to
overrun too much.
What have we got
for this week?
We obviously have our not so new
This Week in InfoSec,
Tweet of the Week,
Billy Big Balls,
Rant of the Week,
Industry News,
which is,
is that from our regular stick?
Still the regular stick.
This is his last content.
Yeah, last week is,
sorry, next week is his last,
is their last week, isn't it?
Yeah, he's not going to be working as last week, though, is he?
Come on, let's be honest.
Well, he's barely worked this week, so.
Will we have a little people today?
Maybe.
Let's see what Jav can pull out of his bag, as it were,
out of Santa's little sack.
What can you produce for us for the little people today?
We're also going to have a look back at some of the
notable events of the year, because
we're nothing if not
topical and informative.
So, yes, that's
what we've got. Excited, folks?
Very. Can't
wait.
Oh, dear.
In which case
I reckon we should go straight on to...
This week in InfoSec.
Love the jingle.
Yeah, so this is the part of the show where we take a little stroll down memory lane.
We liberate content from the Today in InfoSec Twitter account,
and for the second week running, I am feeling a little bit disappointed
in that there was only really one story worth bringing up,
so I had to go out and find my own story for the second one.
What's the point in liberating content if you have to go and find your own as well?
I know, exactly, right?
I mean, I'll have a word with the guy.
I'm going to say that there's no point in me stealing stuff from you when you're not doing the work.
Yeah.
Can you recommend anybody else I can steal from?
Exactly.
Who did you steal from?
Where's this breakdown in the chain?
So this is quite a funny one to end the year with. So the Host Unknown Podcast has seen a new lease of life in 2020. Not many other things saw a lease of life, but the podcast did. If you recall back to our very first podcast, it was five years ago, and we brought you a story about a certain Mr Troy Hunt leaving Microsoft.
He had finally given up his job and was going out on his own.
And so topically, he didn't work for Microsoft.
Yes, he did.
Yes, he did.
He was a Microsoft MVP, but he worked elsewhere for an insurance company or something.
I think there's a difference.
Ah, OK. No, I'm sure he worked... he works at my... Troy, we know you're listening, can you just, you know, tweet us or ping us or, you know, just clarify? Yeah, whatever, just prove Jav wrong, that's all we're asking. It was five years ago we talked about this, although, Jav, you should probably know, because I'm pretty sure that there's a video of you sort of picking him up and driving him around in your old...
We had a fantastic day. I took him to East London. We went to Ilford, had a brilliant curry.
You must have had a real crick in your neck at the end of that day. He's like six foot six and you're four foot three.
You know what, it's a permanent, permanent picture of my neck, I mean, like...
You got a triangular shaped vertebrae to make sure he could look up.
Yeah, so anyway, I mean, fortunately that part's not... that factor would be part of the show anyway, but whether or not he left in 2015 or left his own company.
He used to work for Pfizer.
Right, okay.
And he was Microsoft MVP because he was in that region.
But, yeah, he worked at Pfizer.
And I suppose if he had stock there, he'd be pretty stupid now
because their stock's going through the roof with the vaccine.
Anyway, sorry, please carry on.
Anyway, so we clarified that part. Anyway, the point of this one, the part we are highlighting here, is it was actually the 5th of December 2013, so seven years ago, Troy Hunt launched the site Have I Been Pwned. And so a mere seven years ago, at launch, he had passwords from Adobe, Stratfor, Gawker, Yahoo Voices and the Sony Pictures breaches indexed. So quite a good little bulk of stuff to start with, and as of today, seven years later, he has got nearly 11 billion compromised accounts indexed, you know, in that area. So I'm sure most people are familiar with Have I Been Pwned. It's merely seven years old.
Wow, I can't actually believe... I'm surprised it's seven years. I would have thought it's like three or four years. But, yeah, I think it's like hat tip to Troy for keeping something going for that long.
You know, you see so many things in InfoSec, especially they come,
they're a flash in the pan.
A couple of years later, it's gone.
But I think it's a dedication to what you're doing,
and I think it does bring or has brought a lot of value to a lot of people.
So I think it's well done, Mr Hunt.
When we look at this thing that he's got nearly 11 billion compromised accounts or the details of 11 billion compromised accounts,
all I can do is picture him sitting in his secret rocket base in Mount Uluru
with a cat on his lap stroking it and cackling
because he's got 11 billion compromised accounts.
Yeah, no, I don't think of him like that at all.
I just see him behind a computer providing a service.
But okay.
Oh, come on.
Well, mostly on his speedboat these days, isn't he?
He's not...
True.
Did he win that on Bullseye?
Yes.
Here's what you could have won.
That's what he came to the UK for, to pick up that one from that family in Yorkshire.
He didn't need it anymore.
For our international listeners, sorry, you might have to look that one up.
Yeah.
So anyway, the next story we have.
So seven years old.
Congratulations, Mr. Hunt.
Moving on to story two.
And this is a mere three days ago.
So this is the story that I came up with.
This day in InfoSec this year.
This week in InfoSec.
FireEye, a well-known security firm,
announced that they had experienced a security incident
that involved the theft of the FireEye Red Team tools.
I remember when this happened.
Yeah.
I mean, quite a big story at the time.
So the evidence suggests that the compromise may have been carried out
by Russian nation-state threat actors with top-tier offensive capabilities.
And this is per the blog post announcing the hack, authored by the FireEye CEO Kevin Mandia. So they are sort of saying that it looks as though the attackers were interested in the details of FireEye customers, specifically the government agencies, and obviously the FBI have been called in to assist with the investigations. They always are in these things. But just credit to FireEye for this one. So we have been working with them, we've got some interests going on at the moment, and they've been very transparent about everything. You know, they've not sort of gone into a room and said, hey, look, you know, we'll come back to you. You know, they've been very open, sort of talked through where they are and, you know, ongoing works. So, yeah, a mere three days ago, but I'm pretty sure this will be mentioned, you know, in years to come. So this time next year, you know, we shall cover it again.
They have done a really good job, I have to say. Very, very transparent and open. And I think also what's interesting is the rest of the industry rallying around them.
Yeah, pointing fingers and laughing.
Yeah, and I think it makes a difference, though, when you are transparent, doesn't it? It's a very different vibe straight away. You get people on site, on sites, and, yeah, you can really control the narrative a lot better.
That's it, that's it. I also think it's one of those things that, you know, you only... when I was at Alien and I worked a lot with the research team, or got to know some of them a lot better, and some of them were telling me that, you know, threats against researchers are a very real thing. And, you know, companies like FireEye, they are very much in that high profile area. So even people like Krebs, we've seen like he's been swatted or attempted to be swatted like several times. You know, people have sent him drugs and then sent the SWAT team after him and that kind of thing. You know, we joke about a lot of things in the industry and people doing stuff wrong, but I think people that are researching some of these big things, especially like nation states and what have you, you know, there is a fair amount of risk for the company and the individuals there. So it's even more important, I think, and reassuring to see people rallying behind them as opposed to trying to make another... adding more stress to their life.
This week in InfoSec.
Thank you, Andy. You really were scraping the barrel there to get some additional content, weren't you?
I was quite surprised at how short that was.
But think of it this way.
Andy's now stacked this week in InfoSec for the next X amount of years because in January we'll just look back at what we've done on this January
and we'll repeat that.
Repeat the whole thing.
We didn't start until April, though, Jav.
Oh.
Okay, you've got a few more.
Financial year, financial year.
Financial year, yeah, yeah, that's right, that's right.
Oh, dear.
Right, Jav, I think it's time for you this time.
What have we got for you?
Oh, you're doing Tweet of the Week, aren't you?
Tweet of the Week.
This week's Tweet of the Week is by Dennis the Trainer.
Graziano Dennis is his Twitter ID.
Americans, I'm not getting the COVID vaccine.
I don't trust what they put in it.
Also, Americans, woo-hoo, the McRib is back!
For our American listeners,
we're doing this,
we're laughing with you.
There are plenty of Brits on this side of the pond that also aren't getting the vaccine
or they don't trust what's in it.
But I think when you play
to stereotypes, it just makes it funny.
Also, Americans are 20% of our audience,
so let's not completely remove them.
Let's cater to them.
Well, cater, yeah.
McRib, everything.
Brilliant.
So anyway, that was the sort of too good to let go tweet of the week.
I had a chat with somebody the other day who said,
would you get the virus, you know, the new vaccine?
I said, yeah, of course I would.
And he said, oh, I don't know.
I just don't like sort of putting things in me.
I don't even like a paracetamol or whatever.
I was like, seriously?
You want smallpox back?
You know, why would you not, you know...
Oh, there's the brilliant trend on TikTok at the moment where people are sort of telling their family members they've had the vaccine and then sort of twitching or, you know, doing TikTok and stuff. There's some hysterical ones about it. It's just so funny how people are so scared of this vaccine.
Yeah, whereas they'll take vaccines all other times, you know. Well, apart from the anti-vaxxers, of course.
Well, that, yeah, I think that's what's to say. You know, you're not prepared to take this scientifically researched, you know, scrutinised vaccine and put it in your body to save yourself, but you're prepared to pay, you know, 40 quid for a gram of coke from some guy in the pub and snort that in the toilets.
That's it, that's it. But you know what, my mum was telling me she was listening to the radio and some caller... they're talking about the vaccine and someone called in who was... he was really old, he was like in his 90s, and he said that back in the 50s, I think he said, he was in school and he remembers clearly that one of the teachers came in and they said that so-and-so kid won't be coming in because he's died of measles or something. Like, I think it was measles, and, you know, he's with the angels, whatever. I think it was like a church school or something.
And he goes, that really stuck with him because it was, you know,
a friend of his who he used to play with in the playground
and he's now dead because of this disease.
And then through his lifetime, he's seen the vaccines come
and to the point where it's completely eradicated,
like measles and
deaths from, you know, all these preventable things, smallpox, polio, whatever. And so for him, he was like, I cannot fathom why people do not want to take the vaccine. He goes, it's a tried and tested sort of scientific method that has been going on and it's made the world a lot better. Just through the course of his life, he said he's seen it become so much better. And he goes, you know...
Autism, death.
Yeah, yeah, yeah. So anyway, but, moving on. A vaccine... insert disclaimer: we are not medical professionals, so, yeah, please do not use this podcast for medical advice. Always consult your doctor before taking any medication, including the vaccine.
So instead of doing a Tweet of the Week, I was going to just highlight who I think is the
tweeter of the year.
I know it sounds like now we're kind of officially doing some awards or what have you, but it's
not.
Do we need to get a new jingle?
Yes, we do.
But fortunately, only once a year.
It still costs the same amount.
So we shall use it every week
It has got to be... it is someone who I've followed for a long time, and he's not even strictly about InfoSec. He covers a lot of Amazon Web Services. It is Corey Quinn. His Twitter ID is at Quinnypig,
Q-U-I-N-N-Y-P-I-G.
And his commentary on Amazon Web Services,
especially last week when it was reInvent,
absolutely had me in stitches.
And it is just so factually correct,
but hilarious at the same time.
He also does this newsletter called Last Week in AWS.
It's worth subscribing to it if you're actually more interested in some of the technical details
around some of the services and how you do some of your costings and what have you.
Jeez, it sounds like a sponsored spot.
Tom, run the sponsor jingle for us when I get to the end of this.
Sponsored by Last Week in AWS. Last Week in AWS, Corey Quinn, yes, at Quinnypig.
So where did he get that idea from, the Last Week in... he's obviously a listener of this show.
He is, he is. Clearly the lovers... mutual friend of the show. So things like, we'll put a link to some of his reInvent tweets in the show notes, but there's some things like, you know: and we're starting out with an ad for Intel. Thanks to reInvent sponsor prospectus, we know that an intro video for the keynote is a sponsor option that costs 175,000 dollars. My soul, cousin, is free.
175 grand plus the costs of making the video in the first place.
Yeah, yeah, I mean, that's... it's kind of like on par with a lot of these big conferences,
you know, RSA or Black Hat and what have you. So, you know, it's just the little quips he makes in between
responding to people's comments during that.
It's like, we have millions of customers,
and that's why we've had the same three keep showing up on slides
and in keynotes.
They're the only three that are willing to admit it.
Yeah.
I used to believe that your child in pain was the worst sound you would ever hear, but then AWS named their custom trip Tranium.
Custom trip?
Yeah, it's... it's some custom trip, I don't know. I'm just looking.
Just saying the same thing again doesn't mean you're explaining it.
No, it's a slide in the picture where a person on stage
and behind him there's AWS Custom Silicon.
So I think it's a typo.
I think you meant to say chip.
Maybe, maybe.
Oh, yes, they did, yeah, because it says
Tranium under that, under 2021.
Tranium? Tranium.
Anyway, that was my
selection for Tweeter of the Year.
Excusing his
typos, go follow him, he's brilliant.
Okay, thank you very much.
Tweeter of the week.
Smooth.
We updated that, no problems, on the fly.
On the fly.
AI, ML, we have it all.
And the fact that we can shout louder than the jingle.
Oh, dear. Fascinating. I love, actually,
the cost of these events that
you know, like
Ignite and
RSA, it always astounds
me how much it really does
cost to get in front of that many people.
Yeah, it's crazy.
And this was a virtual event.
And this was a virtual...
Oh, God, yes, of course.
Jeez.
I wonder how many attendees there were to the virtual event compared to normal because Ignite is definitely one of the big ones, isn't it?
Yeah.
Like tens of thousands.
Is it bigger than RSA?
I'm not sure.
Probably.
Who knows?
Different audiences, though, isn't it?
Oh, yeah, obviously. Yeah, I know. It's just, you know, just the scale of it. It's a bit like the Salesforce ones. They're about three times the size of RSA, and that's when they bring in cruise ships into San Francisco to act as hotels. Anyway, yeah.
You're listening to the Host Unknown Podcast. More fun than a security vendor's briefing, virtual or other.
True story, true story. Absolutely right, Andy. I think we're over to you now
for this week's Billy Big Balls of the Week.
Okay, so this is my Billy Big Balls of the Week, and although it's written by a scientist, there's that sort of link between the STEM and cyber security, and to me this really applies to any, I guess, subject matter expert and his take. So this is a guy called Marshall Shepherd and he's written an article sort of saying three reasons scientists endure social media trolls and attacks. And to me this is, you know, it's a great one. And he starts off by saying that obviously social media is an interesting place. You know, it can be a repository of amazing information access. Yeah, at the same time, it's a cesspool of mean-spiritedness and, you know, misinformation. But he's saying, because, you know, it's a place for credible experts to connect with others beyond the ivory towers, you know, he tries to balance that against the fact that, you know, it's also a place where people can get an audience whether they deserve it or not, not pointing to any particular presidents in particular.
So he's really answering the question, why do respected, published and admired scientists endure the trolling and attacks from faceless personas? And then he sort of comes up with three reasons based on his own experiences. And like I said, I think this relates to, or can relate to, a lot of people, because I often wonder, you know, I came off social media a while ago, you know, save for TikTok, which is just the best platform out there. But, you know, it's win-win.
Yeah, so says win-win.
But you go into the, you know, you can just open Twitter and just see people arguing about nothing. You know, you go to comments and it's just frustrating sometimes. You know, there's some really, really great people who've got some really good insights to impart, and then there's others who just want to argue for the sake of it. So this guy gives his three reasons.
And he says, you know, number one, the reason he endures the hot mess that social media is, is because it is an effective medium, you know, for exposing, you know, the broader public, media and policymakers to the real science.
You know, I mean, the vast majority of your friends on Facebook, you know, are not scientific experts who are cracking open scientific journals or conference proceedings
on a regular basis, yet they do have an opinion
on Twitter and Facebook, which they spread
to the rest of their friends.
So he's really there to make sure that they engage
in these spaces because, as he says,
if credible expertise is not in the fray, then pseudo-expertise and bad actors with agendas will gladly fill the voids.
You have to take the fight to them, basically.
Yeah, pretty much. You can't just stay in your existing spheres of influence and expect them to engage there.
That's right. He's got something he calls McAlpine's Law, which
says that pseudoscience will always try
to fill vacuums in scientific knowledge,
which I think is great.
Why is that McAlpine's Law?
Because there's a guy
called Alistair McAlpine who
wrote about it in a medical brief.
Ah, okay, fair enough.
Yeah, I mean, again, don't read
too much into that.
But, you know, this is a podcast. Nobody looks too much into it.
Yeah, but, you know, if you think back to the start of the pandemic, the amount of experts, you know, you've got their medical degree from Facebook, you know, telling everyone else what they should and shouldn't be doing.
So reason two is, you know, beyond serving as an antidote to misinformation campaigns,
he says it's really about the passion.
People are passionate about what they do.
They've been doing it since a young age.
They've spent a whole career trying to understand how things work.
So he just wants the opportunity to share, you know, talk about stuff
and just let everyone know about their passions,
which I think is probably the reason most people started talking
about particular topics on social media.
It's just keeping that ego in check.
As I'm sure you're aware, Jav, a struggle that you fight with on a regular basis.
But then he does come up with, I know we love analogies, but his final reason is what he calls the boiled peanut incentive. And what he's talking about is how peanuts, which, although messy and cumbersome to get into, once you're past the shell, he says the moist, slightly salty nut is so worth the effort.
That's what she said.
And he also caveats this saying that the feeling could probably apply to crab lovers too.
And so it's really, again, it comes back to the passion as it works for the greater good, the advancement of knowledge, betterment of society and the future of his kids.
Worth the effort. Yeah, and they're able to endure the internet shells to get his ultimate prize.
So, let's say, not purely infosec, but I think applicable to many industries.
Yeah, it is. It's why I come on this podcast every week. Are you the pseudoscience part, the pseudo-expertise?
I'm here to take the fight to the pseudoscience.
No, no, Jav is the hard, crusty shell.
Actually, no, wait.
I've got a funny thing to tell you quickly.
Yesterday, someone on LinkedIn, I won't say their name
because I don't want people looking it up,
but they announced that they were moving to another job, and someone I used to work with, who I love immensely, he's a brilliant guy, he commented on them saying congratulations, and he goes, it'll be good to stay in touch, because clearly he works at the same place that they work at. And I replied to his comment saying, ah, your words are hollow, you never keep in touch with ex-colleagues.
And then I said, by the way,
congratulations on the job to the original poster.
And like, because me and him,
we have this just banter going on all the time
and what have you.
Anyway, I make that comment, think nothing of it.
I come back later and the original commenter
had replied to my comment,
basically tearing me a
new one, saying, you know how rude and inappropriate it is for you to bring your personal grievances onto a third person's thread, and highly unprofessional to air it in this space, and blah, blah, blah. And I'm like, holy shit, man. And then I click, and there's not just a like on that, it's a heart on the comment, and I click to see who it is, and there's another person loving that person's comment, saying, yes, you go, you tell this bully, put him in his place.
And I'm like, she did not know you at all. No, no, no. So I was like, oh man, what do I... so I replied saying, you know what, this is fantastic that you called it out. You should call out toxic behaviour. I wish more people were like you. But, you know, maybe I should have added a smiley face; it's just an inside joke between me and my ex-colleague. And then I DM'd my ex-colleague on Twitter because
you know he wasn't around on LinkedIn.
I said, dude, you need to back me up here.
Bow me up, bow me up.
My parachute didn't open.
Help, help, mayday, mayday.
And please tell me he said how much.
You know what?
He's like, he thinks a bit like you two.
And I would not have been surprised had he,
for him to have just piled on the wall.
I have no idea what you're talking about.
No, thankfully he went on there and he cleared the air as well.
But I was sitting there thinking, oh my God,
I'm going to have to leave LinkedIn.
There's people probably sharpening their pitchforks, ready to have a go at me.
But yeah, I think, you know,
that's why I endure social media trolls and attacks.
Oh, look, Tom's looking it up now.
Okay, no need to point right yet.
Yeah, that's the one.
Yes, yes, that's the one.
As thrilling as it is listening to someone read in their head.
I know.
Yeah, I know.
I'm sorry.
I'm sorry.
Yeah, so anyway, go on.
Go on.
Well, he saved me.
And then the original post said, sorry for the confusion,
and we all lived happily ever after.
But, you know, it was just touch and go there for a second
because you just never know.
You saw your entire internet history flashing before your eyes.
Yeah, exactly, exactly.
Cancel culture.
I'm contacting your employer.
Yes.
And when Jav sees his internet history flashing before her eyes,
I think so do Andy and I because they're somewhat intertwined.
She's never good.
Never good.
Let's delete the WhatsApp
chat up till today, shall we?
We have to do that every year anyway.
Every year?
I have to do it every time Andy says something.
Oh dear.
So that was your Billy Big Balls?
No, it wasn't? It was.
Oh, it was.
Yeah, that was your Billy Big Balls.
Okay, you're not going to do this other story then?
No.
Okay.
In which case, we'll save that one for next year.
And thank you, Andy, for this week's...
Billy Big Balls of the Week.
So, Andy, have you got the time?
I do. It's that time of the week when we...
It's me the time!
It's me the time when we head over to our reliable sources over at the InfoSec PA Newswire,
who brings us the latest and greatest stories from around the globe.
It's this week's...
Industry News.
Hashtag Web Summit.
Nick Clegg claims internet needs accountability, not rules.
Industry News.
Ransomware set for evolution in attack capabilities in 2021.
Industry news.
2020, the most vulnerable year yet.
Industry news.
Thales and Google Cloud partner for external encryption key management.
Industry news.
Hashtag BHEU, collision of cyber communities creating tension and risk.
Industry news.
Hashtag BHEU, focus on security fundamentals, not adversarial sophistication.
Industry news.
Data loss reports to ICO increase once again.
Industry news.
Hashtag BHEU, North Korea cyber offence strategy evolving to focus on international
Industry News
And that was this week's
Industry News
Huge if true
Huge if true
Huge, if true. Huge.
Javid's Weekly Stories.
Yes, so the real stories that you've all been waiting for.
None of that low-quality stuff from the Stig.
At least you got the jingle right this time. Yes.
Nearly three in 10 workers furloughed feel less loyal to their employer post-furlough. Industry news. Business executives' logins sold on Russian hacking forum. Accounts can be used for BEC scams. Industry news. Power banks could infect your smartphone with malware. Industry news.
Experts on Clop ransomware attacking retail giant E-Land.
Credential stuffing attack.
Oh, no.
Sorry, he didn't put a line in there.
Industry news.
He'll read anything if you put it in front of him.
Credential stuffing attack target Spotify,
affecting more than 300,000 accounts.
Industry news.
South Korean retail giant E-Land Retail suffers Clop ransomware attack.
And that was this week's Javs.
Javid's Weekly Stories.
I see you're recycling your PR and media content
for multiple sources on the same story.
What do you mean?
Well, E-Land Retail suffers Clop ransomware attack twice.
Yeah, so I offer a comment
and then different publications pick up the comment.
So sometimes it's picked up multiple times.
The experts on Clop ransomware.
That's actually by, what's it, Information Security Buzz, where they just take anyone's comment.
We used to write an article for them.
Like we had a regular column in there.
Yeah, regular column in there for a couple of years.
We had three articles, I think.
Yeah.
So I'm looking at some of these stories.
The business executive's login sold on the Russian hacking forum.
This is old news, isn't it?
This was like a few weeks back.
This isn't this week's.
But this goes by when it's picked up and when the journalist decides to write that story.
So if you look at that actual story date, that's from within the last week.
So if you're looking for old news, then you can just jump straight to Jav's industry news.
If you're looking for Russian news that might not be relevant, might not have all the details, then yes, don't come here.
But if you're looking for well-researched, well-thought-out, with all the facts, none of this speculation that Tom offers.
What do you mean speculation?
It's informed speculation.
And also
I only speculate on things which I'm pretty damn
sure are right. Okay. Anyway,
maybe InfoSec Buzz
can return the favour of our
three articles and sponsor us.
Indeed. In fact, why not?
Host Unknown, sponsored by... You know who you are.
Yes, Dr Malik, isn't it?
He's the one that
was our contact. He took over from Joe, wasn't he?
Yeah, he took over from Joe.
Oh, yeah, yeah.
Yeah.
I don't know.
You never liked that guy when he took over Joe's job, did you?
No, no.
No, not the same.
Not the same.
Right, let's move on swiftly to this week's rant of the week,
which is me, and it's about Apple.
Woo-hoo!
Oh, surprise, surprise.
So we know whose side I'm on here straight away.
Without even knowing what the story is.
Yeah, yeah, Apple's right.
So basically, Cydia, who were the first people to create an app store back before Apple had an app store for the iPhone,
back with the original iPhone, is suing Apple.
So a new lawsuit bought by one of Apple's oldest foes seeks to force the iPhone maker to allow alternatives to the app store,
the latest in a growing number of cases that aim to curb the tech giant's power.
So it would come as no surprise that I think this is utter bullshit.
See, I was never, I resisted going to an Apple for a very long time.
What?
Well, I just did.
Yeah, everyone, it was just,
I don't know if you ever watched Star Trek,
but the old Next Gen, there was this episode
where everyone had this game that someone had picked up
and they were wearing it like a visor.
And everyone was just addicted to it.
And Wesley Crusher could see everyone else
just sort of walking around mindlessly addicted to this thing.
And for me, it was like that. You know, I had my Nokia N95, I was happy, but watching everyone around me getting these Apple iPhones, and I was like, man, what was going on? Like, you know, the battery life was horrendous compared to, you know, other phones on the market that also had a camera. So I missed these early days, and, you know, the problem is I then got a free iPhone through work
and I've never looked back, unfortunately.
You looked at the back of the case, which was covered in crack,
and you were addicted to it.
Exactly, yeah.
But, yeah, I've never – I didn't know about this old app store.
So, you know, I was never there in the early days.
So, yeah, pre-App Store, which I think came in in iOS 2, was it, or iOS 3? I think it might have been 2 or 2.1, something like that. So pre then, there was a whole subculture, and it still is, but I think it's certainly less prevalent, a whole subculture of jailbreaking your iPhone so you could put other apps on it, because the original iPhone did not have a lot of stuff for it, in fairness. I mean, you could download some games through iTunes, but they were pretty pants.
So if you wanted anything different, you had to jailbreak your iPhone, which of course means
removing all the security controls, et cetera. Less of an issue then than it would be now.
And then you could download this Cydia app and install it and it gave you access to a whole bunch of other apps.
There were some great games on there and great tools
and it was excellent.
And my first iPhone I bought from the US
and had to crack it to get it to work on the UK network, etc.
And I downloaded Cydia and I was a jailbreak freak.
Every single version that came out, I would do the latest version and stuff like that.
But then the app store came out and it became an overhead, to be honest with you, to maintain,
because every time there was an iOS upgrade, you had to wait until you could crack that in order
to get access to everything else.
And frankly, the App Store was good.
And it was a moderated environment.
Apps had to be approved and meet certain standards and all that sort of thing.
And everybody talks about the Apple walled garden and how you can only do the stuff to, you know, you can only do the stuff that Apple lets you do.
Well, fine.
You know, if you don't like that, go to an Android.
The thing was, as I saw it, Cydia had had its day.
If you wanted to develop for the iPhone, just move to the App Store. You'd have a better software environment to work in, a guaranteed way of getting your income, et cetera, et cetera, rather than something managed outside. And so I was quite surprised to
read this, that Cydia is suing Apple, because basically they're saying that Apple needs to
break its hardware to software to firmware end-to-end control
in order to let other people mess around with its system,
which I'm not a fan of, I have to say.
I'm not a fan of.
But how is this different to, you know,
Windows went through this about pre-packaging Internet Explorer
as the default browser, and they had to open that up so people had a choice
which browser they can install.
I guess using the same arguments for that,
where Microsoft were accused of having a monopoly,
why would Apple not have the same?
I found that a little bit bizarre as well, to be honest,
because there was nothing stopping you from, I mean,
let's face it, Internet Explorer,
only job is to download Firefox or Chrome. But I never understood why there was such a big thing about that. If you didn't like Internet Explorer, go and download something else and make that work. And that way, I think the issue with that was that people that weren't technical, and back then there weren't a lot of people that were technical, they would just use whatever was there as default. And I think, what's wrong with that? Well, it was the antitrust thing, the monopoly thing.
So this is the exact same thing that came to my mind as well. And I've heard, like, some, even now, like, as Microsoft adds more capability, so say, like, now they have Windows Defender, and that's there by default and everything, so you could make the same argument for antivirus vendors, like, you know, it's an anti-monopoly kind of thing or what have you. But, you know, like you say, that's something different, because people that are security conscious, they can take it off and install whatever they want and then have all the issues with the upgrades and what have you.
I think what is different with the Apple case, and I think you rightly pointed it out, Tom,
is that Apple own the hardware, the firmware, the software.
Yeah.
They even make their own chips now.
So it's basically that's what the value is.
When you think about Apple, that's the value.
Individually, everything is a commodity,
but when it's integrated together, that's the real value
and that's the value of the business.
I think there are a lot of flaws with the App Store,
how it works and how it compensates people that create stuff for it. I mean, that's never going to be solved, like, at least in the near future.
But there was, like, a lot of pushback,
and so they recently changed some of their percentage, I think,
for earning less than a million in revenue.
15% rather than 30%.
Exactly, exactly.
I mean, I still don't think that's completely the right model,
but it's a good step. I find that incredible. I just, you know, you're being provided this
platform for free. You know, you just have to invest in your people and your skills and you've
got your own marketing and distribution channels straight away. You don't even have to build one.
There is a lot of value in it, but there's,
there are a lot of issues there as well. And, uh, you know, we, we can go into that in,
in, in something more, more in depth, but just on, on, on this thing, I think it,
uh, I do agree with you, Tom, uh, that I think this is a case of sour grapes for Cydia.
Yeah. And, and why wait so long to rise from the ashes and decide to sue Apple?
It's, you know, it's like being a fantastic CD producer and saying,
oh, digital music has ruined us.
Let's sue Apple.
Well, no, you're going to get ahead with the times.
Or pivot to Android.
There's your platform.
There's your open source platform that allows you to download, you know, as many viruses and malware and ransomware as you want onto your phone. Crack on.
That's it. Not that I have, you know, I'm biased in the slightest, but yeah, I find, you know, most people would complain about the rope that they're hung with sometimes. I just find it amazing the amount, as you say, the sour grapes,
but also just the amount of complaining.
You mean I have to pay to live in this house?
You mean I have to pay for this food to stay alive?
It's like, well, unfortunately, that's the way life is.
This is not a fundamental human right, access to somebody else's, you know, source code, as it were. So I don't know. But is it Cydia sour grapes, or have they just seen an opportunity because of antitrust laws? Yeah, it could be that, absolutely. And, well, people sue Apple at the drop of a hat, right? Yeah, of course. Why wouldn't you?
They've got money.
Yeah, yeah, exactly, which is all part of the American…
Litigation.
You know, we can sue anybody we want, even if it's an entirely invalid case.
It's like the Seventh Amendment or something, isn't it?
Yeah, that's right.
Sue thy neighbour.
Yeah.
Yeah, the one after arming bears. Yeah, my favourite one was, it's like those memes you see where people, they're in, like, a Walmart and there's, like, a puddle of water on the floor, and there's, oh, hallelujah, all my prayers have come true, about to get paid. Yeah, yeah. There's one of the guys, it's a Walmart, look, the sign's broken outside, one of the letters is hanging off, and he's sort of sitting underneath it.
My brother's about to get paid out here.
Anyway, yes, I think, interestingly, we tend to align with Apple on this one.
All of us, which is...
And each other. That's even more scary.
And each other, yeah. What the hell's going on?
I mean, I'm trying to think of a reason to argue it,
but I do think it's a frivolous case.
We could just argue for the sake of arguing with Tom, though.
I mean...
Well, you do that off-air anyway, so...
You're such a fanboy, Tom. Can't you see the monopoly that Apple have? Yes, and I love it. Rant of the week. Oh dear. So, shall we do Look Back on the Year or The Little People first? Let's do The Little People before we look back on the year. I think we can end on the year.
Okay, okay. So you think you've got a Little People, do you? I do have a little person.
Okay, for this person, far and wide, but I immediately found someone. He's new to the, where he wants to break into the cyber security industry, so this is a proper little person who's not even on the register, on the radar yet. And I went to him and I said, like, you know, why do you want to become secure, into security? What inspires you and what are you looking forward to next year?
The Little People.
Hello, my name is Johnny and I'm a little person, because I'm a little person that works in hacking and cyber, and because I want to grow up and be a cyber person. And I listen to the Host Unknown podcast because it is so, so good. It is, like, the best podcast in the whole wide world. I really like what all the stories are, and I really like the presenters, but my favourite has to be Jav. He is so good, he is brilliant, he is my favourite in the world, and the other two I think are absolutely rubbish. They're just useless. You could replace them with a plank of wood and it wouldn't make any difference. Anyway, keep up the good work, Jav, and, you know, stay secure, my friends.
The Little People.
Seriously, Jav. So I have questions. Seriously, Jav. I think we can leave. You have one job. When a person's not there to defend themselves, we can't. You have one job, which you struggle with every week. In fairness, you know, I think, this is what, episode 35? And I can tell you, we've done three, six,
nine,
12,
15,
16,
17.
We've done 19.
So barely half of them have had little people in it.
One of which is you.
What?
No,
sounds nothing like me.
I wouldn't say anything like that.
Holy.
I am so glad we didn't finish on this.
Yeah.
That would have been, that would have been a letdown. Oh my god.
And not only does he
pretend to be someone else, he gets
the facts wrong.
What? That you two are useless, I think. That's absolutely
right.
I agree.
Oh my goodness. Oh my goodness. Right, okay, so we don't, oh God, I don't know.
Well, we don't have a jingle. Stop being rubbish like a plank of wood and carry on. Okay, okay, all right,
so in which case should we should we run the jingle for Look Back on the Year? Do you know what we should do is have the Oasis
and just play that chorus part where it says,
Don't look back in anger.
Okay, how about let's do it this way.
Look back on the year.
There we go.
How's that?
Quality people.
I think that was good.
Right, let's go.
So we started the year with January, as it normally does.
As most years do.
So it did start to be a good year.
Yeah.
Yeah.
I went to Oslo in January.
I know.
At that time, the Ice Cube memes were still rolling. It was a good day.
But Travelex, it wasn't a good day for them. They were pulled offline following a malware infection.
Not just malware, it was ransomware. The company itself and businesses using the platform to
provide currency exchange services were all affected. I'd like to
say there was a happy ending to this. Unfortunately, there wasn't because they went on and
once they did recover services, the pandemic hit. And so they actually filed for bankruptcy a few
months later. Spoilers, Jav, it's January. The pandemic hasn't hit yet. Yeah, further on down the line,
but it all started off
in January, well December actually
but okay, in January the services were offline
so that was January
Okay, we've got to be quicker than this because we've only got three minutes left
Well, that was a tough way to start the year
wasn't it? So in February
Estee Lauder suffered a data breach
at the hands of cyber criminals
which resulted in the exposure of 440 million records.
And so the data breach exposed internal emails and they always give out the line with no evidence that customer records or payment details were at risk.
So what the hell was lost then?
Well, good question.
Pictures of their models.
There were millions of records pertaining to middleware
that is used by the Estee Lauder company.
So this includes the brands such as Clinique and MAC as well in the US.
That's a lot of stuff.
Anyway, okay.
So this was February.
Again, still things were,
I think at this time of the year,
we're sort of saying,
hey, Korea doesn't look like it's in a good place.
No, that's right.
And in fact,
a couple of companies pulled out of RSA that year as well,
didn't they?
Oh, yes.
Yeah, RSA still went ahead, didn't it,
in San Francisco?
Well, Jav and I were there.
We took Host Unknown on the road.
I was in Peru, unfortunately, in February.
That's right, eating marmalade sandwiches.
Yes.
Yeah, actually drinking coffee for the first time as well.
Oh, yeah, you said that you've only started drinking coffee.
Anyway, sorry, let's get back on track, shall we?
Something else in Peru that I can't remember quite.
I can't put my finger on what was there.
Paddington Bear.
Anyway.
Anyway, no, you're thinking of Colombia.
So March, the start of the lockdown, Marriott, the hotel chain,
suffered a cyber attack in which email accounts were infiltrated.
5.2 million hotel guests were
impacted again. And do we know what the delta is between the previous breach that they had and this breach? Because if you recall, you know, Marriott, after they acquired Starwood Hotels,
yeah, they'd actually acquired a company that had already been compromised.
And, you know what, I think that's a really good question, Andy.
But, yeah, go on to April.
April, Nintendo said that 160,000 users were impacted
by a mass account hijacking account caused by the NNID legacy logon system.
Legacy logon system strike again,
and I'm sure all those 160k users
can find their details in Have I Been Pwned? I'm sure they can. So May, the, oh, I'm trying
to do this. So the budget airline EasyJet revealed a data breach exposing data belonging to 9 million
customers, which did include financial records. But let's be honest. Well, we're jerks on the criminals because we're all poor people.
I was about to say.
You picked the wrong airline to say.
They're all prepaid credit cards, mate.
You got another one, Andy?
So this is about Blackboard, the cloud service provider that was hit by ransomware,
you know, who hijacked all its systems.
And this company actually paid the ransom to stop client data.
We covered this.
We did cover this because they only announced it later in the year.
It was around this time.
They announced it quite late.
But, you know, they sort of made themselves out to be the heroes by paying the ransom.
Whereas I think all their impacted clients just wanted them to do security right in the first place.
Yeah.
I think, Jav, you also missed something from April, which was Host Unknown start their podcast.
Oh, yes.
No, continue their podcast.
Continue, yes.
After the mid-season break that lasted for a year.
Hiatus. Okay, June, University of California, San Francisco,
paid a $1.14 million ransom to hackers in order to save COVID-19 research.
Bastard.
A lot of good that money is now that Americans are saying,
we don't want the vaccine.
And they still haven't got it anyway. No, it's just been approved. It's just been approved. I think, breaking news this morning. Ah, it was overnight for us in the UK, it was. I tell you what, Operation Warp Speed has made sure they got right to the front of the queue on that. Yeah, well, I think the fact that everyone else has approved it, yes, Canada approved it yesterday.
No, Canada approved it on Wednesday.
Yeah, and I think the Americans have just sort of looked around and gone,
oh, fuck it, yeah.
Might as well, everyone else has.
What's the worst that could happen?
Nobody's taking it.
July, MGM Resorts, a hacker, put the records of 142 million MGM guests online for sale.
Lovely.
You can't stay anywhere without having your details done.
And the check-in agents are so insistent on taking photos, you know, scans of your passport,
print your card.
It's just frustrating that they take all this information and can't even protect
it. Yeah, so July, we're still feeling good about the lockdown. Now we're coming out the other side, looking bright to the future. It's nice and sunny in the UK. A company called Experian, in August, sorry, this is, so in August a company, Experian, and this relates to their South African branch,
they disclosed a data breach which impacted 24 million customers.
Amateurs.
Amateurs.
Looking into the detail of this data-breaking company.
So despite it being about a data breach, this wasn't actually a cybersecurity incident.
This looks to be a KYC failing.
And it looks like...
I know your customer.
I know your customer.
Oh, right, right, right.
Not a bargain bucket.
I can feed the family for $9.99.
And, yeah, so it looks like they also managed to get the data back.
They tracked down the person responsible, took the data back,
and it looks like that person's intention was to mass mail.
They took it back.
How do they know they didn't make a copy?
They took everything from the house.
Including the cloud?
The South African police don't mess around, Tom.
And they took his fingers as well.
This man's been incentivised never to touch a computer again.
Chopped his hands off at the wrist.
On that lovely note, September, NS8,
the CEO of the cyber fraud start-up was accused of defrauding investors
out of $123 million. Oh, this was a great, I think we covered this as a Billy Big Balls story at one point. This was the CEO that wouldn't let his finance team look at the bank accounts. Yeah. Oh, that's brilliant.
Jan.
Oh, it's me.
God.
Sorry.
Hold on.
October.
Dickies.
The U.S. barbecue restaurant chain suffered a point-of-sale attack between July and August.
Three million customers had their card details later posted online.
Do you know what? I think the devil's in the detail here: between July 2019 and August 2020. I didn't, I didn't... wow, okay.
Not just a month, but 13 months. And here's me thinking, oh, they picked it up quick.
Well, this is what, the average detection time is, like, 200 days or something? Six months, roughly, something like that. I mean, it changes all the time and it depends on who you, you know, yeah, which article do you look at? Yeah, who's sponsoring it? Yeah, exactly. Yeah, as soon as they deploy the ransomware, we detect it. Yeah.
Which leads us nicely into November.
And this is one where a fake Zoom invite cripples an Aussie hedge fund with an $8 million hit.
And this was a story we covered last month from Jav
about the Sydney hedge fund that collapsed after a cyber attack
triggered by a fake Zoom invite,
which saw its trustee mistakenly approve an $8.7 million fraudulent invoice.
And the company, although they managed to claw back a lot of the money,
they then lost some of their biggest clients as a result of this and ended up going down.
A very rare case of actually a cyber attack resulting in the company going out of business.
Yeah.
It doesn't happen all the time. No.
And I think it, so you might be able to attribute some of Travelex's downfall to the ransomware attack,
but this is, like, a very clear-cut, cut and dried case of, yeah, phishing attack, credentials leaked, BEC, and company collapse. I think it's something that, you know, we should look at a lot more carefully in the future. I think, you know, we might see a bit more of these kinds of things happening, unfortunately.
OK, and December and oh, look, we're recycling some news here.
So FireEye disclosed a cyber attack suspected to be the work of a nation state group, Russia. The cyber security firm said the hack resulted in penetration tools being stolen.
And FireEye were very, very good about this.
And as we mentioned earlier, I think everybody,
or everybody that counts anyway in the industry,
has been very supportive and encouraging of FireEye,
both in what happened to them and, more importantly,
what they did afterwards.
And that was our...
Look back on a year.
I definitely think we should insert the Don't look back in anger.
Yeah.
I ain't got time for that shit.
I've got a day job.
Oh, now he has a day job.
Yeah.
Right, folks, we are at time.
Thank you very much.
I'll just end on one positive story, which I did see this week,
and that is the news that Microsoft has disclosed the fewest vulnerabilities
in a month since January.
Oh, the story that you've marked as a backup topic
rather than an ending.
It is.
Well, I just thought let's start something a bit positive.
Either they've missed a whole load of vulnerabilities
that aren't going to get patched over Christmas.
Quite possible.
Or they did only just release patches for 58 vulnerabilities
across its suite of products.
Is that good news or is that just Microsoft doing the job?
I think it's good news.
A bit of both.
A bit of both, yeah.
Who knows?
Who knows?
Just look, the glass is half full, okay?
Let's just go out on a hike.
Let's fill it up again as well in that case.
Let's just muddle our audience up just as much as we are before we sign off.
Indeed.
Thank you very much, folks.
We are taking a break.
We will be back on the 8th of January, Friday, the 8th of January,
one week exactly after the New Year's Day.
We will be back with basically exactly the same stuff,
to be honest with you.
Nothing's going to change.
I very much doubt we'll update any jingles or anything like that.
So, yes, Andy, thank you very much for your time today.
So we've told Thom that we'll be back on the 8th of January.
If you hit that subscribe button on the podcast program that you're using, you may hear from myself and Jav over the Christmas period,
but have a great Christmas and stay secure, my friends.
Yeah, that's right. And, uh, but the Andy and Jav show will be only available to Patreon subscribers.
Money in that virtual can we're rattling in front of you,
or just go to the Host Unknown website and you can donate there. Folks, stay secure.
So Host Unknown, the podcast, was written, performed and produced by Andrew Agnes, Javvad Malik and Thom Langford.
Copyright 2015, or something like that.
Insert legal agreements here as applicable and binding in your country of residence.
We thank you.
You know, I'd be worried if I didn't know, basically, how lazy
both of you are.
What are you talking about?
Challenge expected. You know,
2020 has been one of those years, every night,
and I think this was a tweet as well, but
it just embodies me so much.
Every night I go to sleep,
think tomorrow's going to be different.
I'm going to get up on time.
I'm going to work out.
I'm going to be productive.
And that's been the case of the whole year.
And nothing's changed.
I'm going to learn a new language.
Order the Aramaic books off Amazon.
Yeah.
Still not open.